Fix dockerfile regex, hidden folder, stereoscope cleanup (AST-88922)

go.mod

@@ -3,8 +3,8 @@ module github.com/Checkmarx/containers-resolver
 go 1.24.1
 
 require (
-	github.com/Checkmarx/containers-images-extractor v1.0.7
-	github.com/Checkmarx/containers-syft-packages-extractor v1.0.10
+	github.com/Checkmarx/containers-images-extractor v1.0.8
+	github.com/Checkmarx/containers-syft-packages-extractor v1.0.11
 	github.com/Checkmarx/containers-types v1.0.3
 	github.com/rs/zerolog v1.34.0
 	github.com/stretchr/testify v1.10.0
@@ -288,4 +288,4 @@ require (
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
 
-replace google.golang.org/protobuf => google.golang.org/protobuf v1.33.0
+replace google.golang.org/protobuf => google.golang.org/protobuf v1.33.0

go.sum

@@ -61,10 +61,10 @@ github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
 github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Checkmarx/containers-images-extractor v1.0.7 h1:lLgaDFFqz1jksN3/d/6sLXO0C0ODbt9xExbt44YMEOg=
-github.com/Checkmarx/containers-images-extractor v1.0.7/go.mod h1:ZtOqhzlErPr2QL9xGjMmxwGvzXUwi+G5BBeOfdY62Ug=
-github.com/Checkmarx/containers-syft-packages-extractor v1.0.10 h1:35n22bjH2Tx5+B8vcqIHogHeEWOQrT2lUf4uaIjoENw=
-github.com/Checkmarx/containers-syft-packages-extractor v1.0.10/go.mod h1:F9FFBVNmogF0wR9SVI0wRU9dZ9Ux3IZtZl3T24sQ/8E=
+github.com/Checkmarx/containers-images-extractor v1.0.8 h1:X9EYkQKVjhNWcm0VCEFEF4/3O2wXM2QQtSTv5bDxm/I=
+github.com/Checkmarx/containers-images-extractor v1.0.8/go.mod h1:ZtOqhzlErPr2QL9xGjMmxwGvzXUwi+G5BBeOfdY62Ug=
+github.com/Checkmarx/containers-syft-packages-extractor v1.0.11 h1:mXQMz9a68DiP2Pwi4Dwj+ysPGHtGCOdouPSeA9u/Wi0=
+github.com/Checkmarx/containers-syft-packages-extractor v1.0.11/go.mod h1:F9FFBVNmogF0wR9SVI0wRU9dZ9Ux3IZtZl3T24sQ/8E=
 github.com/Checkmarx/containers-types v1.0.3 h1:srk+RQnyPXyFKmVHA6P9SQZAtjczyndZ1aa0CWF/6/0=
 github.com/Checkmarx/containers-types v1.0.3/go.mod h1:F13rfevriqYHR+0ahk3W9H8uLK0Msbts012f1pIxJb0=
 github.com/CycloneDX/cyclonedx-go v0.9.2 h1:688QHn2X/5nRezKe2ueIVCt+NRqf7fl3AVQk+vaFcIo=

pkg/containerResolver/containerScanner.go

@@ -1,6 +1,9 @@
 package containersResolver
 
 import (
+	"os"
+	"path/filepath"
+
 	"github.com/Checkmarx/containers-images-extractor/pkg/imagesExtractor"
 	"github.com/Checkmarx/containers-syft-packages-extractor/pkg/syftPackagesExtractor"
 	"github.com/Checkmarx/containers-types/types"
@@ -30,10 +33,10 @@ func (cr *ContainersResolver) Resolve(scanPath string, resolutionFolderPath stri
 	}
 	log.Debug().Msgf("Resolve func parameters: scanPath=%s, resolutionFolderPath=%s, images=%s, isDebug=%t", scanPath, resolutionFolderPath, images, isDebug)
 
-	// 0. validate input
-	err := validate(resolutionFolderPath)
+	// 0. validate input and create .checkmarx folder
+	checkmarxPath, err := validate(resolutionFolderPath)
 	if err != nil {
-		log.Err(err).Msg("Resolution Path is not valid.")
+		log.Err(err).Msg("Resolution Path is not valid or could not create .checkmarx folder.")
 		return err
 	}
 
@@ -59,32 +62,42 @@ func (cr *ContainersResolver) Resolve(scanPath string, resolutionFolderPath stri
 		return err
 	}
 
-	//5. save to resolution file path
-	err = cr.SaveObjectToFile(resolutionFolderPath, resolutionResult)
+	//5. save to resolution file path (now using .checkmarx folder)
+	err = cr.SaveObjectToFile(checkmarxPath, resolutionResult)
 	if err != nil {
 		log.Err(err).Msg("Could not save resolution result.")
 		return err
 	}
 	//6. cleanup files generated folder
-	err = cleanup(resolutionFolderPath, outputPath)
+	err = cleanup(resolutionFolderPath, outputPath, checkmarxPath)
 	if err != nil {
 		log.Err(err).Msg("Could not cleanup resources.")
 		return err
 	}
 	return nil
 }
 
-func validate(resolutionFolderPath string) error {
+func validate(resolutionFolderPath string) (string, error) {
 	isValidFolderPath, err := imagesExtractor.IsValidFolderPath(resolutionFolderPath)
 	if err != nil || isValidFolderPath == false {
-		return err
+		return "", err
 	}
-	return nil
+
+	checkmarxPath := filepath.Join(resolutionFolderPath, ".checkmarx", "containers")
+
+	err = os.MkdirAll(checkmarxPath, 0755)
+	if err != nil {
+		return "", err
+	}
+
+	return checkmarxPath, nil
 }
 
-func cleanup(originalPath string, outputPath string) error {
-	if outputPath != "" && outputPath != originalPath {
+func cleanup(originalPath string, outputPath string, checkmarxPath string) error {
+	if outputPath != "" && outputPath != originalPath && checkmarxPath != "" {
 		err := imagesExtractor.DeleteDirectory(outputPath)
+		imagesExtractor.DeleteDirectory(checkmarxPath)
+
 		if err != nil {
 			return err
 		}

pkg/containerResolver/containerScanner_test.go

@@ -4,14 +4,16 @@ package containersResolver_test
 
 import (
 	"errors"
-	"github.com/Checkmarx/containers-resolver/pkg/containerResolver"
+	"os"
+	"path/filepath"
+	"testing"
+
+	containersResolver "github.com/Checkmarx/containers-resolver/pkg/containerResolver"
 	"github.com/Checkmarx/containers-syft-packages-extractor/pkg/syftPackagesExtractor"
 	"github.com/Checkmarx/containers-types/types"
 	"github.com/rs/zerolog/log"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
-	"os"
-	"testing"
 )
 
 // Mock for ImagesExtractorInterface
@@ -92,7 +94,7 @@ func TestResolve(t *testing.T) {
 	expectedResolution := []*syftPackagesExtractor.ContainerResolution{
 		{
 			ContainerImage: syftPackagesExtractor.ContainerImage{
-				ImageName:      "image1",
+				ImageName:      "image1:blabla",
 				ImageTag:       "latest",
 				Distribution:   "debian",
 				ImageHash:      "sha256:123abc",
@@ -118,6 +120,8 @@ func TestResolve(t *testing.T) {
 	}
 
 	t.Run("Success scenario", func(t *testing.T) {
+		checkmarxPath := filepath.Join(resolutionFolderPath, ".checkmarx", "containers")
+		createTestFolder(checkmarxPath)
 
 		mockImagesExtractor.On("ExtractFiles", scanPath).
 			Return(sampleFileImages, map[string]map[string]string{"settings.json": {"key": "value"}}, "/output/path", nil)
@@ -127,15 +131,15 @@ func TestResolve(t *testing.T) {
 			map[string]map[string]string{"settings.json": {"key": "value"}}).
 			Return([]types.ImageModel{{Name: "image1"}}, nil)
 		mockSyftPackagesExtractor.On("AnalyzeImages", mock.Anything).Return(expectedResolution, nil)
-		mockImagesExtractor.On("SaveObjectToFile", resolutionFolderPath, expectedResolution).Return(nil)
+		mockImagesExtractor.On("SaveObjectToFile", checkmarxPath, expectedResolution).Return(nil)
 
 		err := resolver.Resolve(scanPath, resolutionFolderPath, images, true)
 		assert.NoError(t, err)
 
 		mockImagesExtractor.AssertCalled(t, "ExtractFiles", scanPath)
 		mockImagesExtractor.AssertCalled(t, "ExtractAndMergeImagesFromFiles", sampleFileImages, mock.Anything, mock.Anything)
 		mockSyftPackagesExtractor.AssertCalled(t, "AnalyzeImages", mock.Anything)
-		mockImagesExtractor.AssertCalled(t, "SaveObjectToFile", resolutionFolderPath, expectedResolution)
+		mockImagesExtractor.AssertCalled(t, "SaveObjectToFile", checkmarxPath, expectedResolution)
 	})
 
 	t.Run("ScanPath Validation failure", func(t *testing.T) {
@@ -151,6 +155,9 @@ func TestResolve(t *testing.T) {
 		mockImagesExtractor.ExpectedCalls = nil
 		mockImagesExtractor.Calls = nil
 
+		checkmarxPath := filepath.Join(resolutionFolderPath, ".checkmarx", "containers")
+		createTestFolder(checkmarxPath)
+
 		mockImagesExtractor.On("ExtractFiles", scanPath).
 			Return(sampleFileImages, map[string]map[string]string{"settings.json": {"key": "value"}}, "/output/path",
 				errors.New("invalid path"))
@@ -167,6 +174,9 @@ func TestResolve(t *testing.T) {
 		mockSyftPackagesExtractor.ExpectedCalls = nil
 		mockSyftPackagesExtractor.Calls = nil
 
+		checkmarxPath := filepath.Join(resolutionFolderPath, ".checkmarx", "containers")
+		createTestFolder(checkmarxPath)
+
 		mockImagesExtractor.On("ExtractFiles", scanPath).
 			Return(sampleFileImages, map[string]map[string]string{"settings.json": {"key": "value"}}, "/output/path", nil)